Your message dated Mon, 30 May 2022 14:36:28 +0000
with message-id <[email protected]>
and subject line Bug#1011372: fixed in openvpn 2.6.0~git20220518+dco-2
has caused the Debian Bug report #1011372,
regarding openvpn 2.6 fails to communicate due to auth errors
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1011372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011372
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openvpn
Version: 2.6.0~git20220518+dco-1
Severity: important
Upgrading to openvpn 2.6 breaks communication in a tunnel I'm using.
Downgrading back to openvpn 2.5 fixes the problem.
Openvpn brings up the tunnel interface but cannot receive data. Syslog
reports auth algo inconsistency when initializing and auth errors when
receiving traffic.
I do not host the openvpn server so no logs from the server side.
Looks like a problem with the authentication algorhithm. The auth
parameter in my client config is set to "SHA256" yet the syslog
reports it as "SHA2-256".
Syslog when starting openvpn:
May 21 10:44:07 hanuri ovpn-tunnel[40673]: WARNING: Compression for receiving
enabled. Compression has been used in the past to break encryption. Sent
packets are not compressed unless "allow-compression yes" is also set.
May 21 10:44:07 hanuri ovpn-tunnel[40673]: Note: option tun-ipv6 is ignored
because modern operating systems do not need special IPv6 tun handling anymore.
May 21 10:44:07 hanuri ovpn-tunnel[40673]: OpenVPN 2.6_git x86_64-pc-linux-gnu
[SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on
May 20 2022
May 21 10:44:07 hanuri ovpn-tunnel[40673]: library versions: OpenSSL 3.0.3 3
May 2022, LZO 2.10
May 21 10:44:07 hanuri ovpn-tunnel[40674]: NOTE: the current --script-security
setting may allow this configuration to call user-defined scripts
May 21 10:44:07 hanuri ovpn-tunnel[40674]: TUN/TAP device tun0 opened
May 21 10:44:07 hanuri ovpn-tunnel[40674]: /opt/script/tunnel_postconfig.sh
tun0 1500 0 init
May 21 10:44:07 hanuri ovpn-tunnel[40674]: TCP/UDP: Preserving recently used
remote address: [AF_INET]nn.nn.nn.nn:1194
May 21 10:44:07 hanuri ovpn-tunnel[40674]: Note: enable extended error passing
on TCP/UDP socket failed (IPV6_RECVERR): Protocol not available (errno=92)
May 21 10:44:07 hanuri ovpn-tunnel[40674]: UDPv4 link local: (not bound)
May 21 10:44:07 hanuri ovpn-tunnel[40674]: UDPv4 link remote:
[AF_INET]nn.nn.nn.nn:1194
May 21 10:44:07 hanuri ovpn-tunnel[40674]: WARNING: 'auth' is used
inconsistently, local='auth SHA2-256', remote='auth SHA256'
May 21 10:44:07 hanuri ovpn-tunnel[40674]: [openvpn] Peer Connection Initiated
with [AF_INET]nn.nn.nn.nn:1194
May 21 10:44:08 hanuri ovpn-tunnel[40674]: WARNING: this configuration may
cache passwords in memory -- use the auth-nocache option to prevent this
May 21 10:44:08 hanuri ovpn-tunnel[40674]: Initialization Sequence Completed
May 21 10:44:27 hanuri ovpn-tunnel[40674]: Authenticate/Decrypt packet error:
packet HMAC authentication failed
May 21 10:44:33 hanuri last message repeated 5 times
tunnel.conf:
-8<-
tls-client
dev tun
proto udp4
remote nn.nn.nn.nn 1194
cipher AES-256-CBC
auth SHA256
resolv-retry 60
nobind
persist-key
persist-tun
ca keys/tunnel-ca.crt
cert keys/tunnel.crt
key keys/tunnel.key
remote-cert-tls server
tls-auth keys/tunnel-ta.key 1
comp-lzo
verb 1
route-nopull
tun-ipv6
script-security 2
up /opt/script/tunnel_postconfig.sh
-8<-
-- System Information:
Debian Release: bookworm/sid
APT prefers buildd-unstable
APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1,
'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.16.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages openvpn depends on:
ii debconf [debconf-2.0] 1.5.79
ii libc6 2.33-7
ii liblz4-1 1.9.3-2
ii liblzo2-2 2.10-2
ii libnl-3-200 3.5.0-0.1
ii libnl-genl-3-200 3.5.0-0.1
ii libpam0g 1.4.0-13
ii libpkcs11-helper1 1.28-1
ii libssl3 3.0.3-5
ii libsystemd0 250.4-1
ii lsb-base 11.1.0
Versions of packages openvpn recommends:
ii easy-rsa 3.0.8-1
Versions of packages openvpn suggests:
ii openssl 3.0.3-5
ii openvpn-dco-dkms 0.0+git20220421-1
pn openvpn-systemd-resolved <none>
pn resolvconf <none>
-- Configuration Files:
/etc/network/if-up.d/openvpn [Errno 13] Permission denied:
'/etc/network/if-up.d/openvpn'
-- debconf information:
* openvpn/change_init2: false
openvpn/change_init: false
* openvpn/stop2upgrade: false
* openvpn/vulnerable_prng:
* openvpn/create_tun: false
* openvpn/default_port:
--- End Message ---
--- Begin Message ---
Source: openvpn
Source-Version: 2.6.0~git20220518+dco-2
Done: Bernhard Schmidt <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernhard Schmidt <[email protected]> (supplier of updated openvpn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 May 2022 15:44:41 +0200
Source: openvpn
Architecture: source
Version: 2.6.0~git20220518+dco-2
Distribution: unstable
Urgency: medium
Maintainer: Bernhard Schmidt <[email protected]>
Changed-By: Bernhard Schmidt <[email protected]>
Closes: 1011372
Changes:
openvpn (2.6.0~git20220518+dco-2) unstable; urgency=medium
.
* Add d/NEWS entry about the release notes and DCO (Closes: #1011372)
Checksums-Sha1:
0b335bdd49bdc15aebb5824adeb434b0897f40c7 2289
openvpn_2.6.0~git20220518+dco-2.dsc
4fc06128c3b0193dd841fa80d9441400fddd5cfd 59356
openvpn_2.6.0~git20220518+dco-2.debian.tar.xz
a28c4c3f1ad41934824307fdcc7920b9be384996 7862
openvpn_2.6.0~git20220518+dco-2_amd64.buildinfo
Checksums-Sha256:
5ac84304c1ca44301c676fe00389dbeccd79d2cb22241b9c2eb3545a48b26d2f 2289
openvpn_2.6.0~git20220518+dco-2.dsc
b27c3813f448738a62d9a14702d572feb8caf50ba3f21dd2508d9654711a6873 59356
openvpn_2.6.0~git20220518+dco-2.debian.tar.xz
62bdb437479997b3ea700126687f9d3473e0ce328a319b8e407aea363ae64c9e 7862
openvpn_2.6.0~git20220518+dco-2_amd64.buildinfo
Files:
9c5952aab835e4e6e5f79d7feef8efbf 2289 net optional
openvpn_2.6.0~git20220518+dco-2.dsc
8a4e3be2ed2d29a43c15cd1fa70af2d2 59356 net optional
openvpn_2.6.0~git20220518+dco-2.debian.tar.xz
e7565c18fa58847acf3652b5c67e69ae 7862 net optional
openvpn_2.6.0~git20220518+dco-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmKUzGcRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJOighAAhkQRGiaefaUsx/KqfmZjTB0XWyS16MW4
KdK3XMLBPp7i/Vq/lCI+bQrbWj64GU99ZZPuHGFL3eJpSYPjyNh2j6gM2Q8EZAKo
iKmHmA70ULrNve8CdMS+B0zAy8dSbyxcaK4+7cBlH0e70sjZ/L95YoXAwsGBQ4Gz
Kx19uiKPYvRlsb8GroAafnez7vhD5aihvZOitALB9J1+G7snhAGpwUnQb8XfPkFA
V/qpW5fFR9Qh682HGt20XOBEDQkUHixCcM9OfwV8Bc8mYVnNcBf6P4mBWyVB1wJR
JBFrjKhzsHW9bdd6aEPUmZ7PNV2AxeGDNLNKyeUeKdXLk/mcFCd1wanb59jBewNP
OdomeCd/di7lcWOgpRKSCdCl6/av04qK4IqtI0XK0eF6TudX+iGqFH6Jb38mEFb8
mnNKjZDQ6y0GBz6VQwBKhCydNxrubnVVAjyfBsgeoPT5hi7hCHfk0h5vff/amQqK
llLACigxCIJUCiGM8JnKUxrdQ+d5WIJo47L17CWsvVgQKHiczJPhO1TuBKbBW88r
M4OsMFIPaTOjRG8vCeCp3ah+KfJZZ6N8c4yxMr2Toq5NhwlLCoFZEEalXuoswXqr
XCaWWEgHn+ynSP6Nz/Gnuw3rWtf8wtH44Z98BQ+vqRjmwiEYHxPLZoXi2IndHQVg
vWEjgaihuD8=
=4oWx
-----END PGP SIGNATURE-----
--- End Message ---
